Commit graph

647 commits

Author SHA1 Message Date
Bruno BELANYI 0b580b61e7 secrets: move into 'modules' 2021-09-26 23:09:33 +02:00
Bruno BELANYI c32be8ac02 project: bootstrap: retrieve agenix key 2021-09-26 23:09:33 +02:00
Bruno BELANYI 8eef7c260e ci: use 'nix flake check'
Now that I am using agenix, secrets stay encrypted at rest.
2021-09-26 23:09:33 +02:00
Bruno BELANYI 172e29db69 flake: remove 'git-crypt' 2021-09-26 23:09:33 +02:00
Bruno BELANYI 3d0d19d9a1 secrets: remove git-crypt 2021-09-26 23:09:33 +02:00
Bruno BELANYI e64fdcf38b secrets: remove git-crypt secrets 2021-09-26 23:09:33 +02:00
Bruno BELANYI 414c27ee63 modules: services: nginx: sso: use runtime secrets 2021-09-26 23:09:33 +02:00
Bruno BELANYI 7257f3156e machines: porthos: services: switch to agenix
The prep-work should be done now, time to hit the switch.
2021-09-26 23:09:32 +02:00
Bruno BELANYI c7766afe90 modules: services: nginx: allow sso secret files
This is in preparation of the migration to agenix, which does not allow
access to the secrets at build time.
2021-09-26 23:09:32 +02:00
Bruno BELANYI dc5a44ce82 home: put modules into folders 2021-09-26 23:09:32 +02:00
Bruno BELANYI 5b0e0bcbc2 home: terminal: put modules into folders 2021-09-26 23:09:32 +02:00
Bruno BELANYI b90629fdd9 home: x: put modules into folders 2021-09-26 23:09:32 +02:00
Bruno BELANYI acc23ab684 home: wm: put modules into folders 2021-09-26 23:09:32 +02:00
Bruno BELANYI 544aec0d91 home: mail: put modules into folders 2021-09-26 23:09:32 +02:00
Bruno BELANYI a12b629dc3 home: firefox: put modules into folders 2021-09-26 23:09:32 +02:00
Bruno BELANYI f61f11ba29 profiles: put modules into folders 2021-09-26 23:09:32 +02:00
Bruno BELANYI b46b918295 modules: services: drone: split into files
This is cleaner to read.
2021-09-26 23:09:32 +02:00
Bruno BELANYI ac90c5b11a modules: services: put modules into folders 2021-09-26 23:09:32 +02:00
Bruno BELANYI 836b54b8eb modules: hardware: put modules into folders 2021-09-26 23:09:32 +02:00
Bruno BELANYI 7bec7ae0f9 modules: system: put modules into folders 2021-09-26 23:09:32 +02:00
Bruno BELANYI d5b09c48ef modules: programs: put modules into folders 2021-09-26 23:09:32 +02:00
Bruno BELANYI c88fa91671 modules: home: put into folder 2021-09-26 23:09:32 +02:00
Bruno BELANYI f09ba6b5be machines: porthos: users: use clear-text ssh key 2021-09-26 23:09:32 +02:00
Bruno BELANYI 33d539ed4f modules: system: users: use agenix secrets 2021-09-26 23:09:32 +02:00
Bruno BELANYI 91abacd0f6 modules: services: wireguard: use agenix secrets 2021-09-26 23:09:32 +02:00
Bruno BELANYI 16d3cd9f81 modules: services: nginx: use 'credentialsFile'
In preparation for the migration to agenix.
2021-09-26 23:09:32 +02:00
Bruno BELANYI 7d37701811 modules: services: matrix: use 'mailConfigFile'
In preparation of the migration to agenix.
2021-09-26 23:09:32 +02:00
Bruno BELANYI 4643690b43 modules: services: paperless: use 'secretKeyFile'
In preparation for the migration to agenix.
2021-09-26 23:09:32 +02:00
Bruno BELANYI 5579baecfb modules: services: nextcloud: use 'credentialsfile'
In preparation for the migration to agenix.
2021-09-26 23:09:32 +02:00
Bruno BELANYI 9d8da4d2b2 modules: services: miniflux: use 'credentialsFiles'
In preparation for the migration to agenix.
2021-09-26 23:09:32 +02:00
Bruno BELANYI da63787874 modules: services: transmission: secrets w/ file
In preparation for the migration to using agenix.
2021-09-26 23:09:31 +02:00
Bruno BELANYI 98034a5410 secrets: register agenix secrets automatically 2021-09-26 23:09:31 +02:00
Bruno BELANYI 8664781da7 secrets: migrate to agenix
It is finally time to graduate to an actually secure, stateless
solution.
2021-09-26 23:09:31 +02:00
Bruno BELANYI abf526ae3c secrets: import 'agenix' module 2021-09-25 13:31:43 +02:00
Bruno BELANYI 7273f2102a flake: add 'agenix' 2021-09-25 13:30:51 +02:00
Bruno BELANYI 963c86c66f home: remove unused 'secrets' module 2021-09-25 13:27:01 +02:00
Bruno BELANYI f3519e845f home: ssh: add missing 'mkIf cfg.enable' 2021-09-24 01:21:57 +02:00
Bruno BELANYI 8ba1746be4 home: remove unused arguments 2021-09-24 01:21:57 +02:00
Bruno BELANYI 313b0c23a9 modules: remove unused arguments 2021-09-24 01:21:57 +02:00
Bruno BELANYI 176d95d890 machines: remove unused arguments 2021-09-24 01:21:57 +02:00
Bruno BELANYI b398481ba3 pkgs: remove unused arguments 2021-09-24 01:21:57 +02:00
Bruno BELANYI d813d85af8 lib: remove 'with self;' 2021-09-24 01:21:57 +02:00
Bruno BELANYI 9473cff408 lib: modules: refactor 'mapModules'
Introduce the recursive version of this function, then refactor to
reduce repetition.
2021-09-24 01:21:57 +02:00
Bruno BELANYI 2b0b6f2004 lib: modules: document 'mapModules' 2021-09-24 00:26:28 +02:00
Bruno BELANYI 8852699c9a modules: services: nginx: use 'recursiveMerge' 2021-09-23 22:11:25 +02:00
Bruno BELANYI 364ea0404a home: wm: i3: use 'recursiveMerge' 2021-09-23 22:11:25 +02:00
Bruno BELANYI 8ce123c527 lib: attrs: add 'recursiveMerge' 2021-09-23 22:11:25 +02:00
Bruno BELANYI c13e57f584 modules: system: users: use 'initialHashedPassword'
This is the better option to use in case I want to have a stateless
system.
2021-09-23 21:30:24 +02:00
Bruno BELANYI 2f9d3417d4 modules: system: users: use 'ambroisie' password
Do not rely on `my.user.name` which could be changed to a value not
available in the secrets.
2021-09-23 21:28:29 +02:00
Bruno BELANYI 27040532bd modules: programs: steam: respect XDG conventions
Steam wants to pollute HOME with `.steam*` files and folders, which are
useless and annoying.

We want to make sure the wrappers are preferred when installing, so use
`lib.hiPrio` to ensure they get chosen.
2021-09-15 19:23:24 +02:00